Network Forensics

Network Forensics
Network Forensics
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 15m | 295 MB

Network forensics is used to find legal evidence in network devices. In this course, Jungwoo Ryoo covers all of the major concepts and tools in this growing technical field. Jungwoo begins by reviewing the basics: the goals of network forensics, a network forensic investigator’s typical toolset, and the legal implications of this type of work. Then, he shows how to prepare for an investigation; acquire network logs and investigate network events; collect and investigate network traffic; and leverage various network forensics tools, such as Wireshark, Splunk, and tcpdump. Along the way, he uses a combination of open-source and commercial software, so you can uncover the information you need with tools that are in your budget.

Topics include:

  • Goals of network forensics
  • Using a syslog and Microsoft Log Parser
  • Investigating network traffic
  • How protocol analysis works
  • ARP and DNS poisoning
  • Working with network forensics tools
  • Using packet sniffers
Table of Contents

Introduction
1 Learning network forensics
2 What you should know

Understanding Network Forensics
3 Goals of network forensics
4 Tools
5 Legal implications
6 Current and future trends
7 Anti-network forensics techniques

Preparing for a Network Forensics Investigation
8 Network forensics investigation hardware
9 Network forensics investigation software
10 Understanding computer networking
11 Understanding networking devices
12 Understanding network data sources

Investigating Network Events
13 Network logs
14 Intrusion and security events
15 Network logs as evidence
16 Network logs and compliance
17 Audit logs
18 Firewall logs
19 syslog
20 syslog-ng
21 Kiwi Syslog Server
22 Microsoft Log Parser

Investigating Network Traffic
23 Fundamentals
24 Network models
25 Subnets subnet ID and subnet mask
26 Protocol analysis
27 ARP
28 ARP poisoning
29 DNS
30 DNS poisoning

Network Forensics Tools
31 tcpdump and WinDump
32 tcpdump and WinDump hands-on
33 Wireshark
34 Wireshark hands-on
35 HTTP proxies
36 HTTP proxies hands-on
37 Splunk
38 Splunk hands-on

Conclusion
39 Next steps